Topic: how to fight off a *nasty* computer infection (Read 2469 times)

This isn't robot related, but I learned a lot today from a really nasty virus that hit my computer. And hopefully it'll save you time and money better spent on robots . . .

How nasty of a computer virus? Picture this: it'll block you from going to Windows Update, downloading/installing anti-virus programs, is mostly undetectable by the top 5 anti-virus programs, and will prevent you from posting on webforums so that you can get help (that last one shocked me the most).

Step 1: Prevention

Always update all of your software that's most likely to get you infected: your browser, Adobe Acrobat, Windows Update, Flash, and Java. IE9, Firefox 3.6, and Chrome are about equally safe (I was infected while using Chrome, thought to be the safest).

Always have at least two browsers installed. In my infection, Chrome stopped functioning completely, but Firefox still worked (although it kept randomly loading malware sites).

Always keep your firewall on. I recommend Comodo, with sandbox enabled: http://personalfirewall.comodo.com/

However, I was infected despite the firewall. It did, however, prevent the virus from transmitting data out, the first sign that I was infected.

Always have your anti-virus program running at full, even if it occasionally slows your computer. It's better than having your credit card information sent to some guy in Russia!

Always be aware of what programs normally run on your computer, so that you can identify the bad programs when they come. I use HijackThis for this, and it also helps me remove all the harmless crapware that slows down my computer as well: http://free.antivirus.com/hijackthis/

IMPORTANT: HijackThis does not determine what is good or bad. Do not make any changes to your computer settings unless you are an expert computer user. If you delete an important registry value, you could completely f' up your computer.

Step 2: Prepare for the Worst

Despite preventative measures, the nastiest of viruses will squeeze right past your defenses. The worst would even be undetectable by most anti-virus software. So it's only a matter of when, not if.

I might take some flak for this comment, but Linux will make a great backup OS. If your Windows is f'ed up beyond repair, you can use Linux to:
- search the web for help
- download anti-virus software
- recover lost data
It's actually the only reason I keep Linux installed . . .

Download all the anti-virus software you think you'll need *now*, before the virus blocks you from getting it later. Even install a few, just in case. See my links below.

And of course backups . . .

Create a System Restore Point: Start > Programs > Accessories > System Tools > System Restore. Then just follow the instructions.

Back up your important data on a USB key and keep it in an OFF SITE location, such as a bank safety deposit box, your locked work office desk, or at a friend's place (as a trade). After all, a house fire destroys everything in your house.

Step 3: Armageddon

Now that you're seriously infected, follow these steps one by one. It'll take you probably the entire day - but don't skip a step or think you're done because your problem appears fixed. Do all, to the very end. Each program is likely to find a virus/issue that the others missed (which happened in my case).

5) Click on Start > Run and type sfc /scannow, then press Enter (note the space between sfc and /scannow).
*Let this run undisturbed until the window with the blue progress bar goes away.
SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file. You may need your Windows installation disk.

Once the short scan has finished, click Settings > Change Settings. Under the Scanning tab, uncheck Heuristic analysis and click OK. Back at the main window, select the Complete scan button and then click the green arrow Start Scanning button on the right, and the scan will start.

If it finds anything, restart. If you get to this point and are still infected . . . well . . . don't bring your computer even close to mine! lol

Step 4: Save the World

Make sure you recorded everything that infected your computer, for future reference. You may need to look up the virus later to make sure you fully cleaned it.

More importantly, keep note of the URLs the virus is sending data to/from, or websites it forces you to go to. Report these websites. For example, in the Firefox browser under Help, there is the 'Report Web Forgery' button. This will help reduce the damage the virus will do to others who are later infected.
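Added example, not part of the original post or anyone else's in this thread: a PowerShell script for the Windows 7 / PowerShell 2.0 setup described above that automates the parts of the steps that can be scripted. It takes a System Restore point before anything is changed, writes down every established TCP connection together with the program that owns it (the poster's first symptom was the firewall catching outbound traffic, so this is the list of addresses to note and report later), and runs sfc /scannow, keeping the System File Checker's own findings from CBS.log. The output folder name and the restore point description are my assumptions. Run it from an elevated (Run as administrator) PowerShell prompt.

```powershell
# Added example (not from the original post). Windows 7 / PowerShell 2.0
# compatible; run from an elevated PowerShell prompt.
# Assumption: notes go to a "cleanup-notes" folder on the Desktop.
$OutDir = Join-Path $env:USERPROFILE 'Desktop\cleanup-notes'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# --- Step 2: restore point before anything is touched -----------------------
# Checkpoint-Computer fails when System Restore is switched off for the system
# drive, so report that instead of silently carrying on.
try {
    Checkpoint-Computer -Description 'Before malware cleanup' `
                        -RestorePointType MODIFY_SETTINGS -ErrorAction Stop
} catch {
    Write-Warning "Could not create a restore point: $_"
}

# --- Step 4: who is talking to whom? ----------------------------------------
# netstat -ano lists every socket with its owning PID on any Windows version.
# The state column is localized on non-English Windows; adjust ESTABLISHED.
function Get-EstablishedConnections {
    netstat -ano | ForEach-Object {
        if ($_ -match '^\s*TCP\s+(\S+)\s+(\S+)\s+ESTABLISHED\s+(\d+)\s*$') {
            $ownerPid = [int]$matches[3]
            $proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
            $image = '<unknown>'      # PID 0/4 and protected processes have no Path
            if ($proc -and $proc.Path) { $image = $proc.Path }
            New-Object PSObject -Property @{
                Local    = $matches[1]
                Remote   = $matches[2]
                OwnerPid = $ownerPid
                Image    = $image
            }
        }
    }
}

$connections = Get-EstablishedConnections
$connections | Sort-Object Image, Remote |
    Format-Table Image, OwnerPid, Local, Remote -AutoSize
$connections | Export-Csv -Path (Join-Path $OutDir 'connections.csv') -NoTypeInformation
# Anything you do not recognise in the Image column, or an image living under
# %TEMP% or %APPDATA%, is what you write down and look up afterwards.

# --- Step 3, item 5: System File Checker ------------------------------------
sfc /scannow
# SFC logs what it checked and repaired to CBS.log; the [SR] lines are its own.
Select-String -Path "$env:WINDIR\Logs\CBS\CBS.log" -Pattern '\[SR\]' |
    ForEach-Object { $_.Line } |
    Set-Content -Path (Join-Path $OutDir 'sfc-findings.txt')
```

Take the connection snapshot before starting the scanners: once the removal tools begin killing processes, the malware's connections disappear with them and you lose the addresses you wanted to report.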

Don't forget to use an Ad-Block plugin for your browser; most web-based viruses load through ads. (Whitelist your favorite sites to show support, but only if you trust their webmasters to do proper ad screening :-)

Use OpenDNS, an open alternative to your ISP's DNS servers. OpenDNS will block requests to known virus-infested sites and phishing sites, and keeps your credit card # from going to Russia. It will also alert you if it detects outbound virus traffic from your whole network. And it loads much faster than your ISP's DNS (usually) and updates its records much faster.

If you have Win 7, your OS has built-in automatic backup scheduling. Use it: a portable hard drive, a network share, anything external.

File sharing is a surefire way to get viruses, and usually illegal. If you must do it, do it carefully. Use trusted sources, check others' comments, and always scan a downloaded file before you open it.

I like the free Avast Anti-virus. AVG is buggy IMHO, and has been called out for some sketchy practices (Search Slashdot).

My setup is 5 computers, a Netgear router using OpenDNS, and a Windows Home Server with an Avast site license. The Windows Home Server wakes up all my computers at night, performs an incremental backup, scans for viruses, applies any automatic updates, and puts them back to sleep. If anything is found across my network, I get a pop-up when I turn a computer on the next day. Been virus and problem free for years.

It's also nice that I can pull past file versions of source code from the backup history whenever I really mess something up. I can restore a computer from a server image using a bootable restore disk.

Yes, Windows Home Server is the best thing M$ has ever made, you can try it free for 90 days, and it only costs $100 if you build your own server hardware. I built one with an Atom board, uses 30 Watts of power.

Quote

Don't forget to use an Ad-Block plugin for your browser; most web-based viruses load through ads. (Whitelist your favorite sites to show support, but only if you trust their webmasters to do proper ad screening :-)

Chrome and Firefox also link to anti-phishing/badware lists, and I had those turned on . . . but even then, hackers compromise legit trustworthy sites and infect them with viruses. SoR was once compromised, infecting everyone that came . . .

Quote

What was the name of the virus you got anyway?

Viruses these days aren't singular. They come as large packages of *many* viruses, hoping that at least some of them stick. It was like 20 different viruses doing pretty much everything you can imagine. DrWeb found 12 more that all the others in the above list combined couldn't find - so I'd recommend you give it a try.

Just thought I'd add that it's a nice idea to have Linux (or other OS) on a "LiveCD" that can be booted from at start up [given the system to save has a CD/DVD drive]. It saves disk space and is easy to set up for those who dislike the idea of dual booting.

Quote

Don't forget to use an Ad-Block plugin for your browser, most web based viruses load through ads.

Quote

Use OpenDNS, an open alternative to your ISPs DNS servers. OpenDNS will block requests to know virus infested sites and phishing sites,

The previous are the two most important suggestions you will find on this page.

I will add four to the list:

3) UPDATE YOUR SYSTEMS REGULARLY!!! Most vulnerabilities are discovered and patches made available before they are widely exploited. These updates are to include your operating system and other installed applications *poke poke* ADOBE.

4) Find an alternative PDF reader to Adobe reader (Foxit?). The majority of 0-days I've seen out lately are in Adobe products, Adobe Reader mainly. While the other readers often have the same vulnerabilities, due to the way MOST exploits actually work the exploit simply crashes the alternatives instead of compromising your system entirely.

Also, Inb4 the linux fanatics. No need to tell us why we should be using linux.

I am one of those linux fanatics. I use OS X and Linux exclusively. Any time I get 'technical support' calls from friends or family I send them a Ubuntu CD and walk them through installing it. They either never call me again because they are happy they never have problems, or pissed they can no longer install their malware filled time wasting games. It works out well for me.

I have no problem with the masses using and 'requiring' Windows. It keeps the bull's eye off my systems, and also keeps me employed as a security specialist. Thanks Microsoft!

Quote

Any time I get 'technical support' calls from friends or family I send them a Ubuntu CD and walk them through installing it.

I think this is only possible for a small subset of people. For example, my mother's blood glucose meter only has Windows drivers and software. Even if I got her over her fear of change, she still couldn't use Linux because of this. And that's one of several Windows-only software packages she uses.

So for me, I still have to handle her tech support calls. Though now with Win7, a good anti-virus, and her using Firefox, I have gotten much fewer calls than usual. Microsoft has gotten better at what they do.

Avira is a wonderful piece of software that will remove virii and malware etc. I worked at a computer shop for about a year; we used the free version of this software to remove all the virii we ever had.

Avira also provides a boot disk so you can get rid of nasties without even booting windows.

Did I mention it's free?

And it's a lot lighter/better/faster/more free than Norton/McAfee/Kaspersky ...

1) Don't ever let anybody near your main PC. Other people have a habit of messing it up, either with viruses or just the old "I don't know what happened, it just stopped working but I didn't do anything".

2) If you have a Windows install CD then search for "Bart PE". This creates a bootable CD with a Windows pre-install environment and basic tools for scanning, looking visually at directories and also running virus scanners.

3) Keep a selection of virus scanners on an external drive; you can use them with Bart PE or just in Windows if you lose your internet. They can also be used for repairing other PCs.

4) Remember to try to invoke "chkdsk /r" in Windows; sometimes it's not a virus but a disk error. Check Disk, although given a bad name by some, is actually quite useful.

5) Don't let anybody else use your PC (again). Windows now hides extensions by default (I suggest turning them on). Somebody can download a picture; the icon looks like a picture but there is no .jpg extension because Windows doesn't show it. In fact the picture has a .exe extension and installs 500 viruses (it's true, they do).

6) Malwarebytes Anti-Malware is free and by far the most effective malware remover.

7) Any persistent pop-ups requesting you to buy an antivirus program to get rid of some viruses it "found" on your PC are actually a virus. Don't pay any money and try to get rid of it.

8) If you still have a virus and know its name (you can usually find out) then do a Google search for manual removal of it. It usually involves laboriously removing registry entries, but it is worth taking the time to do it.
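Added example for point 5, not from the post above or anyone else in the thread: a PowerShell script that switches off "Hide extensions for known file types" in the per-user registry and then hunts for files that depend on hidden extensions. It catches the plain photo.jpg.exe case, the padded variant (photo.jpg followed by a run of spaces and then .exe, so the real extension scrolls out of view in Explorer), and names containing the Unicode right-to-left override character, which makes Explorer draw the tail of the name backwards so an .exe looks like a .pdf. The folders in $ScanRoots and the two extension lists are my own assumptions; extend them to taste. Works on Windows 7 / PowerShell 2.0 and later.

```powershell
# Added example (not from the original post). Windows 7 / PowerShell 2.0 or later.

# 1. Show file extensions. Explorer keeps the setting per user in the registry:
#    HideFileExt = 1 hides them (the Windows default), 0 shows them.
#    Explorer reads the value when it starts, so log off and back on afterwards.
$advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $advKey -Name HideFileExt -Value 0 -Type DWord

# 2. Hunt for disguised executables.
# Extensions Windows will execute on double-click, whatever icon they carry.
$Executable = 'exe','scr','com','pif','bat','cmd','vbs','vbe','js','jse','wsf','hta','cpl','msi','lnk'
# Harmless-looking extensions attackers put in front of them (assumed list).
$Decoy = 'jpg','jpeg','png','gif','bmp','pdf','doc','docx','xls','xlsx','txt','mp3','avi','zip'

function Find-DisguisedExecutables {
    param([string[]]$Roots)
    # Matches "photo.jpg.exe" and "photo.jpg      .exe"; -match is case-insensitive.
    $pattern = '\.(' + ($Decoy -join '|') + ')\s*\.(' + ($Executable -join '|') + ')$'
    # U+202E RIGHT-TO-LEFT OVERRIDE: "invoice" + RLO + "fdp.exe" is displayed as
    # "invoiceexe.pdf" but is still an .exe to the shell.
    $rlo = [string][char]0x202E
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            Where-Object { $_.Name -match $pattern -or $_.Name.Contains($rlo) } |
            Select-Object FullName, Length, LastWriteTime
    }
}

# Assumption: the places a downloaded "picture" usually ends up.
$ScanRoots = @("$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop", $env:TEMP)
Find-DisguisedExecutables -Roots $ScanRoots | Format-Table -AutoSize
# Do not double-click anything it lists. Right-click > Properties shows the real
# type, and these files are what you feed to the scanners in points 3 and 6.
```

The registry change only affects what Explorer displays; it does nothing about files already on the disk, which is why the second half walks the download locations by name rather than trusting the icon.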